Computer networks offer users ease and efficiency in exchanging information. Computer networks are typically comprised of integrated servers, routers, terminals and other components, interoperating and sharing information. Such networks manage a growing list of a variety of needs including transportation, commerce, energy management, communications, and defense.
Unfortunately, the very interoperability and sophisticated integration of technology that make computer networks such valuable assets also make them vulnerable to attack, and make dependence on networks a potential liability. Numerous examples of planned network attacks, such as viruses, worms, and spyware have shown how interconnectivity can be used to spread harmful program code. In addition, public or open network architectures, such as the Internet, permit hackers to have access to information on many different computers. These malicious attackers attempt to gain access to messages generated by a user's computer and to the resources of the user's computer, as well as to use knowledge regarding the operations of the protocol stack and operating systems of users' computers in an effort to gain access to their computers without authorization. Such illicit activity presents a significant security risk to any computer coupled to a network where a user for one computer may attempt to gain unauthorized access to resources on another computer of the network. Furthermore, organized groups have performed malicious and coordinated attacks against various large online targets.
When assessing the security posture of an endpoint device such as a computer terminal or workstation, scanning software is used to conduct tests for the existence of software components containing object code vulnerable to malicious attacks. For such security assessments, there are two methods for the runtime deployment of such scanning software. The first method is when the scanning software is deployed using a server in a client-server architecture. In this type of deployment, the scanning software conducts a network-based assessment of the target system, without any software installed on the endpoint computer device. Such a technique may be known as remote scanning. The second method is when the scanning software is deployed on the local target system. In this type of deployment, the entire scanning software is a “thick client” installed on the local device that contains the scanning engine. Such a technique may be known as local scanning.
There are advantages and disadvantages associated with both methods of scanning. The primary advantage of remote scanning is that it does not require software to be installed at the target local system. On the other hand, local scanning requires dedicated IT resources for managing the deployment and updates of client software on the endpoint devices. To this point in time, an additional limitation of remote scanning has been that the use of standard assessment software has required that the server be running the same operating system as the endpoint computer device. Otherwise, if the server and local target computer are running different operating systems, custom non-standard assessment software must be used to compensate for the incompatibility of the two different operating systems. Accordingly, what is needed is a technique for remotely assessing the security of a computer which allows standard assessment software written for one operating system to execute on a computer different from the one being assessed, without requiring any changes in the standard assessment software.